cbcvebase.
CVE-2020-11896
published 2020-06-17

CVE-2020-11896: The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

PriorityP276critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
36.96%
98.3th percentile
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

Affected

2 ranges
VendorProductVersion rangeFixed in
paloaltopan-os
trecktcp_ip< 6.0.1.666.0.1.66

Detection & IOCsextracted from sources · hover to see the quote

otherTreck TCP/IP stack before 6.0.1.66
  • Detect exploitation attempts targeting CVE-2020-11896 by monitoring for malformed/specially crafted IP packets exploiting IPv4 tunneling length parameter inconsistencies in Treck TCP/IP stack implementations (versions before 6.0.1.66).
  • The vulnerability is exploitable from an adjacent network (AV:A), not remotely over the internet — scope detection to local network segments hosting affected devices (SIMATIC RTLS4030G, RTLS4430G, or any Treck stack device).
  • Flag anomalous IP packet length field inconsistencies (e.g., mismatched inner/outer header lengths in IPv4-in-IPv4 tunneled traffic) as a primary network-layer indicator of Ripple20/CVE-2020-11896 exploitation attempts.
  • Cisco Bug ID CSCvu68945 is associated with CVE-2020-11896 in Cisco products; use this identifier when querying Cisco PSIRT or internal ticketing for affected asset inventory.
  • ·Attack complexity is HIGH (AC:H) and the attack vector is adjacent network only (AV:A) — exploitation requires the attacker to be on the same network segment as the target device, limiting remote internet-based exploitation.
  • ·No fix is planned for affected Siemens SIMATIC RTLS Gateway products (RTLS4030G and RTLS4430G, all versions); detection and network segmentation are the primary mitigations.
  • ·No known public exploitation specifically targeting CVE-2020-11896 had been reported to CISA at time of advisory publication (February 2024).

CVSS provenance

nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.